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DETAILED ACTION 

Status of Claims 

1 . Claims 1 -2, 1 2, 23-24, and 45 are amended. Claims 3-1 1 , 1 3-22, 25-44, 46-80 are 
original. Claims 1-80 are pending. 

Response to Arguments 

2. Applicant's arguments filed 4/18/2008 have been fully considered. Certain arguments 
are not considered persuasive. 

3. Applicant argues that "Random Deposit" ("Online Payments Raising Host of Unresolved 
Issues") does not teach an unverified account. In response to Applicant's argument, Examiner 
asserts that the unverified account is implicitly described. This is additionally supported by 
"User Agreement" ("User Agreement for Paypal Service"), cited in the previous office action. In 
particular, Section III Subsection 1i, on page 5 describes unverified and verified accounts. 
Applicant further argues even if an unverified account is implicitly described by the reference 
there is no teaching that the unverified account requires a first level of authentication. Examiner 
asserts that the unverified account requires a first level of authentication in the form of a 
password to the account. Examiner asserts that it was in the knowledge of one of ordinary skill 
in the art at the time of invention that Paypal authenticated via a user id and password. This is 
additionally supported by "User Agreement". In particular, Page 4 section 10 discusses the 
user's responsibility to not reveal the account password. 



4. Applicant argues that "Random Deposit" is silent as to whether an account becomes a 
verified account for all time . In response to this argument, Examiner would like to clarify the 
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interpretation taken of the limitation "for all time". Clearly there is no way to guarantee that an 
electronic account will remain in existence "for all time" in its literal sense. Therefore, the 
limitation can be reasonably interpreted as only having to convert an account once. The re- 
verification process of Paypal is an additional step. That is, the account would remain verified 
"for all time" if not for the additional step of re-verification. Therefore, the reference anticipates 
the claim since it is narrower in scope. Even if the reference was not anticipatory, the 
elimination of the re-verification step would have been obvious to one of ordinary skill in the art 
because of added convenience. 

5. Applicant argues that the authentication scheme differs from the challenge-response 
mechanism. Examiner asserts that in reference, the authentication scheme does differ from the 
challenge-response mechanism. The authentication scheme is the user/password combination 
and the challenge-response mechanism is the random deposit technique. 

6. Applicant argues that no further set of services becomes available as a result of the 
random deposit technique. Examiner disagrees. "Random Deposit" states that a verified 
account is needed to fund payments, ie. an unverified user can still received payments. 
Additionally, "User Agreement" shows that unverified accounts have a sending limit, whereas 
verified accounts do not (see Section III, Subsection 1i). 

Claim Rejections - 35 USC §102 

The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 
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7. Claims 1-6, 10-11, 23-28, 32-33, 50-56, 60-61 rejected under 35 U.S.C. 102(b) as being 
anticipated by "Random Deposit". 

Regarding claim 1, 

"Random Deposit" teaches providing an account, the account a first account type 
providing a first set of services, the first set of services requiring a first level of authentication; 
presenting an accountholder a one-time challenge/response mechanism; and if the 
accountholder clears the challenge, converting the account to a second account type for all 
time; wherein the second type provides the first set of services plus further services associated 
therewith, the further services requiring at least one further level of authentication. 

Regarding claim 2, 

"Random Deposit" further teaches wherein the challenge/response mechanism requires 
an accountholder to provide information known only to the accountholder. 

Regarding claim 3, 

"Random Deposit" further teaches providing the wallet account comprises either of the 
steps of: creating the account when making an initial purchase; and creating a record in a 
subscriber database. 

Regarding claim 4, 

"Random Deposit" further teaches wherein subscribers include subscribers to any of: an 
online services and an ISP (Internet Service Provider). 
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Regarding claim 5, 

"Random Deposit" further teaches wherein the step of presenting a challenge/response 
mechanism comprises steps of: requesting a service from within the account of the first type 
that is only available from within an account of the second type; and prompting the 
accountholder to provide the information known only to the accountholder. 

Regarding claim 6, 

"Random Deposit" further teaches wherein the account comprises an electronic wallet, 
the first type comprising a thin wallet wherein the first set of services comprises at least one low- 
risk task requiring a low security level. 

Regarding claims 10-11, 

"Random Deposit" teaches authenticating at the first level to gain access to the first 
account (see Response to Arguments); wherein authenticating at the first level comprises 
providing a user ID and a first-level password. 

Regarding claim 50, 

"Random Deposit" teaches a wallet server; a wallet database; a subscriber database; 
wherein the wallet server is in communication with the wallet and the subscriber databases; 
wherein the wallet server is in communication with the wallet and the subscriber databases; and 
a client in communication with the wallet server, wherein a wallet accountholder requests 
services from the wallet server; wherein the server includes means for converting the electronic 
wallet. 
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Regarding claims 23-28, 32-33, 51-56, 60-61, 

The claims are drawn to a computer readable medium comprising instructions for 
executing the methods or to systems which perform the method of the aforementioned claims. 

Claim Rejections - 35 USC §103 

The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

8. Claims 45 and 76 rejected under 35 U.S.C. 103(a) as being unpatentable over "Random 
Deposit" in view of Schell (US Patent 6,477,648). 

Regarding claims 45 and 76, 

"Random Deposit" does not explicitly teach accessing an account from a client device 
previously established as trusted. 

Schell teaches accessing an account from a client device previously established as 
trusted (see abstract, MAC address). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with accessing an account from a 
client device previously established as trusted. One skilled in the art would have been 
motivated to make the modification for the benefit of increased security. 

9. Claims 46 and 77 rejected under 35 U.S.C. 103(a) as being unpatentable over "Random 
Deposit" in view of Schell, further in view of Applicant admission of prior art. 
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Regarding claims 46 and 77, 

"Random Deposit" does not explicitly teach establishing a client as trusted comprises 
authentication with a second-level password. 

Applicant admission of prior art teaches establishing a client as trusted by means of 
authentication with a second-level password (see page 3 of specification starting with 
"Conventionally, digital wallets..."). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with establishing a client as 
trusted by authenticating with a second-level password. One skilled in the art would have been 
motivated to make the modification for the benefit of increased security. 

10. Claims 47-48 and 78-79 rejected under 35 U.S.C. 103(a) as being unpatentable over 
"Random Deposit" in view of Schell, further in view of Official Notice. 

Regarding claim 47 and 78, 

Official Notice is taken that re-establishing a client as trusted if a trusted state is 
compromised is old and well known in the art. Based upon a technical line of reasoning which 
is clear and unmistakable, if a client is found to be untrusted, it would not only have been 
obvious to re-establish trust with the client, but expected in order to continue providing services 
to the customer in a secure fashion. One skilled in the art would have been motivated to make 
the modification for the benefit of customer satisfaction and maintaining a profit stream. 

Regarding claim 48 and 79, 

"Random Deposit" does not explicitly teach providing a visual indicator of a trusted state. 
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Official Notice is taken that providing a visual indicator is old and well known in the art 
(eg. "Login successful message"). It would have been obvious to modify the method of 
converting of "Random Deposit" further with including visual indicator of a trusted state with 
motivation being that it is convenient for a user to know whether or not he/she is authenticated 
with the system. 

1 1 . Claims 49 and 80 rejected under 35 U.S.C. 1 03(a) as being unpatentable over "Random 
Deposit" in view of Schell, further in view of Alao (US PG-Pub US 200201 47645 A1 ). 

Regarding claims 49 and 80, 

"Random Deposit" does not explicitly teach providing a security controls panel that 
permits accountholders to manage authentication for various online products and sites. 

Alao teaches providing a security controls panel that permits accountholders to manage 
authentication for various online products and sites (see paragraph 49). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method for converting of "Random Deposit" further with providing a security controls 
panel that permits accountholders to manage authentication for various online products and 
sites. One skilled in the art would have been motivated to make the modification for the benefit 
of user control (eg. parental control). 

12. Claims 14, 36, 64 rejected under 35 U.S.C. 103(a) as being unpatentable over "Random 
Deposit" in view of Official Notice. 



Regarding claims 14, 36, and 64, 
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"Random Deposit" teaches configuring the challenge by an account provider, wherein 
configuring the challenge includes: specifying information requested by the challenge; 

"Random Deposit" does not explicitly teach specifying a permissible number of response 
attempts. 

Official Notice is taken that specifying a permissible number of response attempts in a 
security process was old and well known at the time of invention (eg. Microsoft Windows 
password lockout). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with specifying a permissible 
number of response attempts. One skilled in the art would have been motivated to make the 
modification to prevent brute force attempts to provide the correct answer. 

13. Claims 73-75 rejected under 35 U.S.C. 103(a) as being unpatentable over "Random 
Deposit" in view of Alao. 

Regarding claims 73-75, 

"Random Deposit" does not explicitly teach a second server, said second server 
operative to relay data and requests between said wallet server and said subscriber database; a 
router, the router operative to link at least a first and a second network, wherein the wallet 
server occupies the first network and wherein the second server and the subscriber database 
occupy the second network; wherein the wallet database occupies said second network. 

Alao teaches a second server, said second server operative to relay data and requests 
between said wallet server and said subscriber database; a router, the router operative to link at 
least a first and a second network, wherein the wallet server occupies the first network and 
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wherein the second server and the subscriber database occupy the second network; wherein 
the wallet database occupies said second network (see abstract). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the system of "Random Deposit" to include a second server, said second server 
operative to relay data and requests between said wallet server and said subscriber database; a 
router, the router operative to link at least a first and a second network, wherein the wallet 
server occupies the first network and wherein the second server and the subscriber database 
occupy the second network; wherein the wallet database occupies said second network. One 
skilled in the art would have been motivated to make the modification to secure personal 
information on a separate server. 

14. Claims 12-13, 34-35, 62-63 rejected under 35 U.S.C. 103(a) as being unpatentable over 
"Random Deposit" in view of Alao, further in view of Official Notice. 

Regarding claims 12-13, 

"Random Deposit" does not explicitly teach wherein the information known only to the 
account holder comprises at least a portion of a credit card number stored in the first account; 

Alao teaches wherein the information known only to the account holder comprises at 
least a portion of a credit card number stored in the first account (see paragraph 75). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with wherein the information 
known only to the account holder comprises at least a portion of a credit card number stored in 
the first account. One skilled in the art would have been motivated to make the modification for 
the benefit of increased security. 
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"Random Deposit" does not explicitly teach if the accountholder doesn't clear the 
challenge, allowing a predetermined number of attempts to enter the information known only to 
the account holder; if the account holder fails the predetermined number of attempts, allowing 
the account holder to provide a new credit card number; and presenting a challenge based on 
the new credit card number. 

Official Notice is taken that specifying a permissible number of response attempts in a 
security process was old and well known at the time of invention (eg. Microsoft Windows 
password lockout). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with if the accountholder doesn't 
clear the challenge, allowing a predetermined number of attempts to enter the information 
known only to the account holder. One skilled in the art would have been motivated to make the 
modification to prevent brute force attempts at guessing the correct answer. 

Alao teaches storing multiple credit card numbers for the consumer to choose from (see 
paragraph 99). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with if the account holder fails the 
predetermined number of attempts, allowing the account holder to provide a new credit card 
number; and presenting a challenge based on the new credit card number. One skilled in the 
art would have been motivated to make the modification for convenience, ie. a user may not 
remember the information to one credit card, but may still remember the information to another. 



Regarding claims 34-35 and 62-63, 
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The claims are drawn to a computer readable medium comprising instructions for 
executing the methods or to systems which perform the method of the aforementioned claims. 

15. Claims 7-9, 15, 29-31, 37, 57-59, 65 rejected under 35 U.S.C. 103(a) as being 
unpatentable over "Random Deposit" in view of "User Agreement". 

Regarding claims 7-9, 

"Random Deposit" does not explicitly teach wherein the at least one low-risk task 
comprises any of: making purchases not exceeding a predetermined purchase amount; making 
transactions using default account information; and making purchases at sites requiring only the 
first level of authentication; wherein the second type comprises a full wallet and the further rights 
comprise additional tasks requiring greater security than the low level of security; wherein the 
additional tasks comprise any of: editing the default account information; editing account 
preferences; making purchases that exceed a predetermined purchase amount; and making 
purchases at sites that require the at least one level of further authentication. 

"User Agreement" teaches wherein the at least one low-risk task comprises any of: 
making purchases not exceeding a predetermined purchase amount (sending limit on unverified 
account); making transactions using default account information; and making purchases at sites 
requiring only the first level of authentication; wherein the second type comprises a full wallet 
and the further rights comprise additional tasks requiring greater security than the low level of 
security; wherein the additional tasks comprise any of: editing the default account information; 
editing account preferences; making purchases that exceed a predetermined purchase amount; 
and making purchases at sites that require the at least one level of further authentication. 
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It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" with wherein the at least one low-risk task 
comprises any of: making purchases not exceeding a predetermined purchase amount (sending 
limit on unverified account); making transactions using default account information; and making 
purchases at sites requiring only the first level of authentication; wherein the second type 
comprises a full wallet and the further rights comprise additional tasks requiring greater security 
than the low level of security; wherein the additional tasks comprise any of: editing the default 
account information; editing account preferences; making purchases that exceed a 
predetermined purchase amount; and making purchases at sites that require the at least one 
level of further authentication. One skilled in the art would have been motivated to make the 
modification in order to mitigate fraud. 

Regarding claim 15, 

"Random Deposit" teaches creating a record in a wallet account database but does not 
explicitly teach providing notice of a privacy policy; and consenting to the privacy policy by the 
account holder. 

"User Agreement" teaches providing notice of a privacy policy; and consenting to the 
privacy policy by the account holder. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" with providing notice of a privacy policy; 
and consenting to the privacy policy by the account holder. One skilled in the art would have 
been motivated to make the modification for the benefit of protection from liability. 



Regarding claims 29-31, 37, 57-59, 65, 



Application/Control Number: 10/690,145 Page 14 

Art Unit: 3693 

The claims are drawn to a computer readable medium comprising instructions for 
executing the methods or to systems which perform the method of the aforementioned claims. 

16. Claims 16-18, 38-40, 66-68 rejected under 35 U.S.C. 103(a) as being unpatentable over 
"Random Deposit" in view of "User Agreement", further in view of Applicant admission of prior 
art. 

Regarding claims 16-18, 

"Random Deposit" does not explicitly teach creating a second-level challenge; setting a 
second-level password; and configuring a security question by the accountholder. 

Applicant admission of prior art teaches creating a second-level challenge; setting a 
second-level password; configuring a security question by the accountholder; providing the 
second-level password; and clearing the security question, (for second-level password see page 
3 of specification starting with "Conventionally, digital wallets...", for security question see page 
3 of specification starting discussing hierarchy of queries in US Patent 6,263,447). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with creating a second-level 
challenge; setting a second-level password; configuring a security question by the 
accountholder; providing the second-level password; and clearing the security question, (for 
second-level password see page 3 of specification starting with "Conventionally, digital 
wallets...", for security question see page 3 of specification starting discussing hierarchy of 
queries in US Patent 6,263,447). One skilled in the art would have been motivated to make the 
modification for the benefit of increased security since it was old and well known in the art to 
layer different types of security in order to increase overall security. 



Application/Control Number: 10/690,145 
Art Unit: 3693 



Page 15 



Regarding claims 38-40 and 66-68, 

The claims are drawn to a computer readable medium comprising instructions for 
executing the methods or to systems which perform the method of the aforementioned claims. 

17. Claims 19-22, 41-44, 69-72 rejected under 35 U.S.C. 103(a) as being unpatentable over 
"Random Deposit" in view of "User Agreement", further in view of Applicant Admission of prior 
art, further in view of Alao. 

Regarding claim 19, 

"Random Deposit" does not explicitly teach providing a user interface accessible only to 
holders of accounts of the second type to edit account information and preferences. 

Alao teaches providing a user interface to holders of accounts to edit account 
information and preferences (see paragraph 47). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with providing a user interface 
accessible only to holders of accounts of the second type to edit account information and 
preferences. One skilled in the art would have been motivated to make the modification for the 
benefit of increased security. 

Regarding claim 20, 

"Random Deposit" does not explicitly teach wherein the account information comprises 
any of: first name; middle initial; last name; credit card type; credit card number; credit card 
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expiration date; billing address; city; state; postal code; country; daytime phone; and evening 
phone. 

Alao teaches wherein the account information comprises any of: first name; middle 
initial; last name; credit card type; credit card number; credit card expiration date; billing 
address; city; state; postal code; country; daytime phone; and evening phone (see paragraph 
47). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method of converting of "Random Deposit" further with wherein the account 
information comprises any of: first name; middle initial; last name; credit card type; credit card 
number; credit card expiration date; billing address; city; state; postal code; country; daytime 
phone; and evening phone. One skilled in the art would have been motivated to make the 
modification because some of the necessary information to make a purchase may need to be 
updated. 

Regarding claim 21, 

"Random Deposit" teaches wherein first account type comprises a thin wallet, the thin 
wallet comprising a record in a subscriber database, and wherein the second account type 
comprises a full wallet, the full wallet comprising the record in the wallet database, wherein the 
full wallet is initially populated with information from the thin wallet. 

Regarding claim 22, 

"Random Deposit" teaches providing a wallet server, wherein the wallet server 
comprises a web server having a wallet application running thereon, the wallet server operative 
to pull account information from either the subscriber database or the wallet database. 
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Regarding claims 41-44 and 69-72, 

The claims are drawn to a computer readable medium comprising instructions for 
executing the methods or to systems which perform the method of the aforementioned claims. 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to ERIC T. WONG whose telephone number is 571-270-3405. The 
examiner can normally be reached on Monday-Friday 9:00AM-5:00PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James A. Kramer can be reached on 571-272-6783. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/James A. Kramer/ ERIC T. WONG 

Supervisory Patent Examiner, Art Unit 3693 Examiner 

Art Unit 3693 

July 30, 2008 



